CVE-2005-3971

Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://support.citrix.com/article/CTX108208	Patch Vendor Advisory
http://www.securityfocus.com/bid/15664	Patch
http://secunia.com/advisories/17819	Patch Vendor Advisory
http://securitytracker.com/id?1015304
http://securitytracker.com/id?1015305
http://www.vupen.com/english/advisories/2005/2676
https://exchange.xforce.ibmcloud.com/vulnerabilities/23396

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:citrix:metaframe_secure_access_manager:2.0:::::::*
	cpe:2.3:a:citrix:nfuse:1.0::elite:::::
	cpe:2.3:a:citrix:metaframe_secure_access_manager:2.1:::::::*
	cpe:2.3:a:citrix:metaframe_secure_access_manager:2.2:::::::*

Information

Published : 2005-12-03 11:03

Updated : 2017-07-19 18:29

NVD link : CVE-2005-3971

Mitre link : CVE-2005-3971

JSON object : View

CWE

NVD-CWE-Other

Products Affected

citrix

nfuse
metaframe_secure_access_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://support.citrix.com/article/CTX108208", "name": "http://support.citrix.com/article/CTX108208", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/15664", "name": "15664", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/17819", "name": "17819", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1015304", "name": "1015304", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securitytracker.com/id?1015305", "name": "1015305", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2005/2676", "name": "ADV-2005-2676", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23396", "name": "citrix-login-xss(23396)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-3971", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-12-03T19:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:citrix:metaframe_secure_access_manager:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:nfuse:1.0:*:elite:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:metaframe_secure_access_manager:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:metaframe_secure_access_manager:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:29Z"}

4.3 /10